2011/3/5 Mark Andrews <ma...@isc.org>: >> So why does ns33.domaincontrol.com answer with ANSWER SECTION rather >> than AUTHORITY SECTION? > > If you ask with rd=0 (+norec), which is what nameservers do, you > get the referral. Presumably ns33.domaincontrol.com is running > BIND 8 which didn't fully comply the RFC 1034. One of the reasons > for writing BIND 9 was to sort out these corner cases. > > If rd=1 BIND 8 assumed that there was a stub resolver talking to > it so it put the response in the answer section despite it not being > authoritative for the child zone. It rd=0 it did what RFC 1034 > said to do, put the response in the authority section. > > BIND 9 will actually recurse if rd=1 and the client is in the > allow-recursion acl and fetch the answer from the child zone and > return it. If not it will return a referral. >
That's the great answer. You have cleaned my confusion which exists long time in my head. Thanks a lot Mark. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
